AndroidLeaker: A Hybrid Checker for Collusive Leak in Android Applications

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 10606)

Abstract

Android phones often carry sensitive personal information such as contact books or physical locations. Such private data can easily be leaked accidentally by buggy applications or intentionally by malicious ones. Much work has been proposed for privacy protection in Android systems, but effective approaches to preventing information leaks caused by Inter-Component Communication (ICC) are still lacking.

We present AndroidLeaker, a new hybrid privacy-protection tool for Android applications, based on taint analysis, that prevents privacy leaks caused by the cooperation of multiple applications. Our approach combines static analysis and dynamic checking. Static analysis checks for information leaks within individual applications, and dynamic checking at runtime prevents information leaks caused by the cooperation of multiple applications. Such a combination may effectively reduce the runtime overhead of pure dynamic checking and reduce the false alarms of pure static analysis.

This work is supported in part by grants from the National Natural Science Foundation of China (NSFC) under Grant Nos. 61632005 and 61379039.

Author information

Corresponding author

Correspondence to Xinyu Feng.

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Zhang, Z., Feng, X. (2017). AndroidLeaker: A Hybrid Checker for Collusive Leak in Android Applications. In: Larsen, K., Sokolsky, O., Wang, J. (eds) Dependable Software Engineering. Theories, Tools, and Applications. SETTA 2017. Lecture Notes in Computer Science, vol 10606. Springer, Cham. https://doi.org/10.1007/978-3-319-69483-2_10

  • DOI: https://doi.org/10.1007/978-3-319-69483-2_10

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-69482-5

  • Online ISBN: 978-3-319-69483-2

  • eBook Packages: Computer Science, Computer Science (R0)
